This issue usually occurs when a request from an authenticated user without local admin rights results in a failed read of the /BIN directory by the impersonating w3wp.exe (IIS worker process for ASP.NET) process.

This behavior is typically associated with lack of permissions to the temporary folder /BIN where ASP.Net assemblies are Just In Time (JIT) compiled.

Resolution

The solution is to ensure that the Authenticated Users or \Users group (which usually contains DOMAIN\Users group) has Read & Execute, List Folder Contents and Read permissions on the /BIN folder below

C:\inetpub\wwwroot\wss\VirtualDirectories{Sitename80}.

Follow the steps below to grant the required permissions:

a. Open Windows Explorer and navigate to the /bin directory of your web application
b. Right-click on the folder and click on Properties
c. Go to Security tab and click on Edit
d. Click on Add and add the local server group Authenticated Users or \Users (this usually contains DOMAIN\Users group).
e. Select the Read & Execute, List Folder Contents and Read permissions (if you are planning to add Everyone to the /bin folder, grant Read permissions only)
f. Click OK to apply the new settings
g. Refresh the page and we should be able to browse to the site.

More Information

If an administrator accesses the site/feature that caused the error, the subsequent requests from non-administrators would succeed. This behavior is typically associated with lack of permissions to the temporary folder where ASP.Net assemblies are Just In Time compiled.

The freb trace shows a 403.0 for ManagedPipelineHandler

It seems to go through quite a few ASPNet events – but happens during the ASPNetPageRender – it goes to the ASPNetPageRender Enter, then ASPNetHTTPHandler Leave.Only then does it get a 403.0 which is not an official RFC error. The first sub-status for 403 is 403.0.

Application pool in Classic or Integrated mode

Application Pool in Classic Mode – In this case, we can configure a Wildcard mapping for ASPNET_ISAPI.dll at the website level. That would propagate to child virtual directories. That should not need any further modifications at the virtual directory level.

Application Pool in Integrated Mode – In this case, all relevant virtual directories would need individual modifications. They need to be set for specific handler.

While configuring SharePoint Server Reporting Services (SSRS) at my client, I had a really strange problem on one of the farms… I couldn’t get the SSRS Addin to install. I tried rebooting, repairing but nothing. After digging out in the logs, I found this funny error message:

CA MSG : rsCustomAction.exe failed to configure, Error code is: 1

CustomAction RSSP_CAInstall_64 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

ca msg-:rscustomaction exe failed to configure error code 1 Also, for the information I was running SQL 2012 SP1 + Windows Server 2012 R2. You might also see something like this in the logs:

Also, for the information I was running SQL 2012 SP1 + Windows Server 2012 R2. You might also see something like this in the logs:

CA MSG:rsCustomAction.exe failed to configure Error code 1

Long Story Short, after a lot of googling and asking for help from SQL & SharePoint masters, I found out that the bug is because I had a line commented in the web.config file of a web application. As strange as this may sound, after deleting the commented line, the install went through perfectly. I couldn’t find any official documentation on this, so if this worked for you please share it in the comments!